@@ -20,97 +20,86 @@ jobs:
2020 uses : googleapis/release-please-action@v4
2121 with :
2222 target-branch : 5.x
23-
24- compress_sign_and_upload :
25- needs : [release_please]
26- if : ${{ needs.release_please.outputs.release_created }}
27- environment : release
28- runs-on : ubuntu-latest
29- steps :
30- - uses : actions/checkout@v4
31- - name : actions/setup
32- uses : ./.github/actions/setup
33- - name : actions/compress_sign_and_upload
34- uses : ./.github/actions/compress_sign_and_upload
35- with :
36- aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
37- aws_region_name : ' us-east-1'
38- aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
39- npm_package_name : ' bson'
40- - run : npm publish --provenance --tag=5x
41- env :
42- NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
4323
44- generate_sarif_report :
45- environment : release
46- runs-on : ubuntu-latest
24+ build :
4725 needs : [release_please]
26+ name : " Perform any build or bundling steps, as necessary."
27+ uses : ./.github/workflows/build.yml
28+
29+ ssdlc :
30+ needs : [release_please, build]
4831 permissions :
4932 # required for all workflows
5033 security-events : write
5134 id-token : write
5235 contents : write
53-
36+ environment : release
37+ runs-on : ubuntu-latest
5438 steps :
5539 - uses : actions/checkout@v4
56- - name : Set up drivers-github-tools
57- uses : mongodb-labs/drivers-github-tools/setup@v2
58- with :
59- aws_region_name : us-east-1
60- aws_role_arn : ${{ secrets.aws_role_arn }}
61- aws_secret_id : ${{ secrets.aws_secret_id }}
6240
63- - name : " Generate Sarif Report"
64- uses : mongodb-labs/drivers-github-tools/code-scanning-export@v2
41+ - name : Install Node and dependencies
42+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
43+ with :
44+ ignore_install_scripts : false
45+
46+ - name : Load version and package info
47+ uses : mongodb-labs/drivers-github-tools/node/get_version_info@v2
48+ with :
49+ npm_package_name : bson
50+
51+ - name : actions/compress_sign_and_upload
52+ uses : mongodb-labs/drivers-github-tools/node/sign_node_package@v2
6553 with :
66- ref : 5.x
67- output-file : sarif-report.json
54+ aws_role_arn : ${{ secrets.AWS_ROLE_ARN }}
55+ aws_region_name : us-east-1
56+ aws_secret_id : ${{ secrets.AWS_SECRET_ID }}
57+ npm_package_name : bson
58+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
6859
69- - name : Get release version and release package file name
70- id : get_version
60+ - name : Copy sbom file to release assets
7161 shell : bash
72- run : |
73- package_version=$(jq --raw-output '.version' package.json)
74- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
62+ if : ${{ '' == '' }}
63+ run : cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
64+
65+ # only used for mongodb-client-encryption
66+ - name : Augment SBOM and copy to release assets
67+ if : ${{ '' != '' }}
68+ uses : mongodb-labs/drivers-github-tools/sbom@v2
69+ with :
70+ silk_asset_group : ' '
71+ sbom_file_name : sbom.json
7572
76- name : actions/publish_asset_to_s3
77- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3 @v2
73+ - name : Generate authorized pub report
74+ uses : mongodb-labs/drivers-github-tools/full-report @v2
7875 with :
79- version : ${{ steps.get_version.outputs.package_version }}
80- product_name : js-bson
81- file : sarif-report.json
82- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
76+ release_version : ${{ env.package_version }}
77+ product_name : bson
78+ sarif_report_target_ref : 5.x
79+ third_party_dependency_tool : n/a
80+ dist_filenames : artifacts/*
81+ token : ${{ github.token }}
82+ sbom_file_name : sbom.json
83+ evergreen_project : js-bson
84+ evergreen_commit : ${{ env.commit }}
8385
84- upload_sbom_lite :
86+ - uses : mongodb-labs/drivers-github-tools/upload-s3-assets@v2
87+ with :
88+ version : ${{ env.package_version }}
89+ product_name : bson
90+ dry_run : ${{ needs.release_please.outputs.release_created == '' }}
91+
92+ publish :
93+ needs : [release_please, ssdlc, build]
8594 environment : release
8695 runs-on : ubuntu-latest
87- needs : [release_please]
88- permissions :
89- # required for all workflows
90- security-events : write
91- id-token : write
92- contents : write
93-
9496 steps :
9597 - uses : actions/checkout@v4
96- - name : Set up drivers-github-tools
97- uses : mongodb-labs/drivers-github-tools/setup@v2
98- with :
99- aws_region_name : us-east-1
100- aws_role_arn : ${{ secrets.aws_role_arn }}
101- aws_secret_id : ${{ secrets.aws_secret_id }}
10298
103- - name : Get release version and release package file name
104- id : get_version
105- shell : bash
106- run : |
107- package_version=$(jq --raw-output '.version' package.json)
108- echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
99+ - name : Install Node and dependencies
100+ uses : mongodb-labs/drivers-github-tools/node/setup@v2
109101
110- name : actions/publish_asset_to_s3
111- uses : mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
112- with :
113- version : ${{ steps.get_version.outputs.package_version }}
114- product_name : js-bson
115- file : sbom.json
116- dry_run : ${{ needs.release_please.outputs.release_created == '' }}
102+ - run : npm publish --provenance --tag=5x
103+ if : ${{ needs.release_please.outputs.release_created }}
104+ env :
105+ NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
0 commit comments